chore(deps): bump @cloudflare/sandbox from 0.7.21 to 0.12.1

[dependabot]

Bumps @cloudflare/sandbox from 0.7.21 to 0.12.1.

Release notes

Sourced from @​cloudflare/sandbox's releases.

@​cloudflare/sandbox@​0.12.1

Patch Changes

• #748 ab6206a Thanks @​ghostwriternr! - Recover automatically from transient infrastructure failures when the SDK opens its WebSocket control connection to a sandbox. Previously, any 5xx response other than 503 on the upgrade would fail the SDK call even when the container was healthy.

@​cloudflare/sandbox@​0.12.0

Minor Changes

• #739 9b4b1da Thanks @​scuffi! - Remove the desktop client API and desktop Docker image variant. The sandbox.desktop APIs, DesktopClient exports, desktop-related types/errors, and -desktop container image are no longer available.

Patch Changes

• #727 2acbd24 Thanks @​scuffi! - Add credentialProxy option to mountBucket to keep real S3 credentials out of the container. When enabled, the Durable Object intercepts and signs outbound S3 requests — the container only sees dummy credentials. Supports S3-compatible endpoints, R2, and GCS HMAC signing, with optimized R2 mount defaults for reliable read and write performance.

• #736 28b5dfa Thanks @​scuffi! - Fix bucket mounts when a Sandbox class defines a catch-all outbound handler by routing SDK-managed mount hosts through the SDK ContainerProxy.

• #737 93c74e3 Thanks @​scuffi! - Fix phantom running processes after a failed startProcess call. When the underlying session was unavailable or threw during startup, the process record was left in memory with status running and would appear in listProcesses() indefinitely. Failed startups are now correctly marked as terminal error records.

@​cloudflare/sandbox@​0.11.0

Minor Changes

• #708 287ec04 Thanks @​ghostwriternr! - Prevent stale preview URLs from waking or reaching sandbox runtimes. Invalid, revoked, or destroyed preview URLs return 404 INVALID_TOKEN; authorized URLs that are not activated for the current runtime return 410 STALE_PREVIEW_URL until the port is exposed again. Existing preview URLs that previously survived container restart now return 410 STALE_PREVIEW_URL after a restart until the port is exposed again in the new runtime.

  getExposedPorts() and isPortExposed() now report only ports that are currently preview-forwardable in the active runtime. unexposePort() is now idempotent: revoking a port that is not currently exposed succeeds without contacting the container. Preview URL state no longer uses the container-local exposed-port registry or proxy routes.

Patch Changes

• #733 d4a739b Thanks @​scuffi! - Allow backup and restore presigned URLs to target non-default R2 endpoints. Set BACKUP_BUCKET_ENDPOINT, for example https://<account_id>.eu.r2.cloudflarestorage.com, when your backup bucket uses an R2 jurisdiction.

• #732 8b9ec84 Thanks @​ghostwriternr! - Add bridge endpoints for managing tunnels to sandbox services. HTTP clients can call POST /v1/sandbox/:id/tunnel/:port with an optional name body field for a predictable named URL, and DELETE /v1/sandbox/:id/tunnel/:port to remove the tunnel.

• #730 de68927 Thanks @​ghostwriternr! - Classify Office Open XML files such as .xlsx and .docx as binary when reading files so they are returned with base64 encoding instead of text decoding.

• #722 95bb7b9 Thanks @​aron-cf! - Add named-tunnel support to sandbox.tunnels.get(port, { name }). Named tunnels bind a user-controlled hostname (<name>.<your-zone>) backed by a Cloudflare Tunnel and a proxied CNAME on your zone, so the URL is stable across container restarts and across sandboxes that share the same name. Calling sandbox.destroy() tears down the Cloudflare tunnel and DNS record alongside the container.

  const tunnel = await sandbox.tunnels.get(8080, { name: 'app' });
  console.log(tunnel.url); // → https://app.example.com

@​cloudflare/sandbox@​0.10.3

Patch Changes

• #715 453b577 Thanks @​aron-cf! - Upgrade capnweb to 0.8.0.

• #714 0ec4f42 Thanks @​aron-cf! - Bundle cloudflared into the musl/Alpine images.

• #706 ae5f9a1 Thanks @​scuffi! - Add sessionless execution mode with a configurable default-session policy.

  Set enableDefaultSession: false in SandboxOptions to run implicit top-level operations without a persistent shell — each command gets a fresh process with no shared state. The option is scoped to the sandbox object returned by getSandbox(...); explicit per-call session IDs continue to target that session.

... (truncated)

Commits

• 48f3f4f Version Packages (#749)
• ab6206a Retry transient WebSocket upgrades (#748)
• 0e6061b Add git-repo-per-sandbox example (#584)
• 9c6de51 Version Packages (#743)
• 95c7df7 Fix bridge dropping credentialProxy property (#744)
• 9b4b1da Remove desktop functionality (#739)
• 28b5dfa Fix S3/R2 mount credential proxy when catch-all handler defined (#736)
• e408a38 Add Codex app-server WebSocket auth (#746)
• b64d125 Bump vitest, @​cloudflare/vitest-pool-workers and @​vitest/ui (#735)
• b50b7ce Bump react-router from 7.14.1 to 7.15.0 (#738)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)